Most container vulnerabilities can be fixed using slimmer images
While it’s pretty easy to get a Python app running in a container, as with so much in life, the “easy way” isn’t always the best way. Containers come with pre-installed Linux packages, which may or may not be important to making your app run but will impact your vulnerability reports.
Popular Python base images vary in size and the number of vulnerabilities they introduce. “Fat” images like :3.9, :3.8, and :3.7 are the most common, despite all the best practices stating you should use a slimmer base image to reduce attack surface. You can get the best of both worlds in containers through the use of multi-stage builds, starting with the bigger images to simplify building and testing your code and then moving the required production packages to a slim image in the final stage.
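A multi-stage build along those lines, as an added example that is not from the original article. The file `requirements.txt`, the `app/` package (run with `python -m app`), the `/opt/venv` path and the `appuser` account are assumptions made for illustration.

```dockerfile
# Stage 1: build on the full image, which ships compilers and development
# headers, so packages with C extensions install without extra setup.
FROM python:3.9 AS builder

# Install dependencies into a virtual environment so the whole dependency
# tree lives in one directory that can be copied to the final stage.
RUN python -m venv /opt/venv
ENV PATH="/opt/venv/bin:$PATH"

WORKDIR /build
# requirements.txt is an assumed file name for the pinned dependency list.
COPY requirements.txt .
RUN pip install --no-cache-dir -r requirements.txt

# Stage 2: the image that actually ships. Nothing from the builder stage is
# carried over except what is copied explicitly below, so the compilers and
# extra OS packages never reach production or the vulnerability report.
FROM python:3.9-slim

# Run as an unprivileged user (appuser is an assumed name).
RUN useradd --create-home --shell /usr/sbin/nologin appuser

# Both images install the interpreter under /usr/local, so the virtual
# environment built in stage 1 works unchanged here.
COPY --from=builder /opt/venv /opt/venv
ENV PATH="/opt/venv/bin:$PATH"

WORKDIR /home/appuser
# app/ is an assumed package directory containing __main__.py.
COPY --chown=appuser:appuser app/ ./app/

USER appuser
CMD ["python", "-m", "app"]
```

Keep both stages on the same Python minor version. If a dependency links against a shared library that only the full image provides, install that runtime library in the slim stage as well.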